Horizon
Event-driven Software Development
Yesterday WorkOS announced Horizon.
In short, Horizon is an internal autonomous code factory. The engineer scopes the work, agents drive the implementation loop in the background, and the merge stays in human hands. A human files the first ticket in a Linear project and hands it to a “PM” agent, which carves the project into individual issues. An “implementation” agent picks one up, opens a cloud sandbox, gathers context, writes code, runs tests, and pushes a PR attributed to the human who owns the issue. After merge, the orchestrator re-evaluates anything that was blocked and kicks off the next run. The system is built to feed its own improvements back into the platform every cycle. The loop itself is impressive, but where it gets really good is what’s underneath it.
To make that loop work, the team had to solve the set of problems that show up the moment you try to put autonomous agents into a working company. Every PR has to be attributed to the actual person who owns the Linear issue, which means agents need scoped, short-lived GitHub tokens tied to that identity. Agents need context from Datadog, Sentry, and Slack without engineers wiring up a forest of credentials. Execution has to be sandboxed with explicit egress controls so a prompt injection doesn’t turn into data exfiltration. Humans have to stay in the review loop without becoming the bottleneck.
The stack that answers those problems runs on Pipes for cross-platform identity linking, MCP Auth securing identity-based access to a custom MCP context engine, Cloudflare Containers with Sandbox SDK for scoped execution, and a webhook-driven orchestrator that lives outside the sandbox itself. Pipes and MCP Auth are products WorkOS sells. The company now relies on its own product surface as core infrastructure. That matters because every product decision now doubles as an operational decision: the tool is no longer just what the company sells, but part of how the company runs.
WorkOS builds the substrate that lets you deploy AI agents inside a real business, and it builds AI agents inside a real business by leaning on its own substrate. The product strategy and the production stack are the same artifact.
The bigger story is about where the bottleneck in software is moving. Model quality is improving every quarter and coding harnesses are getting better every week. The marginal cost of generating code is collapsing. What remains expensive is everything around the code: trust, identity, scoping, attribution, audit, the discipline of getting changes safely into production. That’s where the next decade of value gets captured, and it’s a problem space WorkOS has been building for since well before “agent” was a category in anyone’s pitch deck.
Auth was always going to be the hard part of building software, and AI just made it the hardest.
I get to spend my days talking to founders and engineers who are wrestling with these problems. AI labs, infra companies, agent platforms, the long tail of teams trying to put autonomous software into customers’ hands without breaking the security model. The conversations are good because the problems are real.
There’s something powerful about selling the future by shipping it in the open, and telling the story of how we did it for ourselves using the same products we offer to the world.
It’s a rare vantage point in tech: helping bring critical infrastructure to market from inside a company already proving what it makes possible.
✌🏽 SR